3proxy contains a double free vulnerability in the ftpprchild() function, which frees param->hostname and calls the parsehostname() function, which in turn attempts to free param->hostname again.

Impact

A remote attacker could send a specially crafted request to the proxy, possibly resulting in a Denial of Service. Under typical configuration, the scope of this vulnerability is limited to the local network.